Thursday, 20 May 2010

second life ownership of items

Lawsuit Questions Whether Or Not Second Life Users Really 'Own' Their Virtual Land (TechDirt, 11 May 2010)

IP belongs to Linden Lab now; but ambiguity is there about ownership

suicide and free speech

An interesting issue as a lot of countries prohibit assisting suicide but not suicide itself. Moreover, criminal actions are rarely made of speech only; complicity for example requires something else than mere talking and there is an assumption of personal contact, a one to one contact rather than general advertisement.

Is It Illegal To Tell People How To Commit Suicide Online? (TechDirt, 14 May 2010)

Piracy: looking at IP in other ways

three articles in a week to remind us that we have to rethink IP because of the new technologies, the same way printing forced us to rethink IP. Interestingly enough, Sage publishers are conducting a survey online about open access journals: whether people are in favour of it and on which terms (free of charge or pay to publish type of model)

"EU Digital Agenda Commissioner Admits That 'Piracy' Has Created The Market That Legislators Did Not", TechDirt, 11 May 2010

Swedish Police Say Anti-Piracy Law Has Harmed Ability To Catch Criminals (TechDirt, 18 May 2010)

"Does Intellectual Property Go Against Traditional Views Of Knowledge In India?", TechDirt, 14 May 2010

Privacy infringement

The two infringements make you wonder what non-famous companies do and how they are controlled:

Google Admits It Was Accidentally Collecting Some Open WiFi DataData (TechDirt, 14 May 2010)
EU watchdog slams Facebook privacy settings (Euractiv, 14 May 2010)

and new challenges ahead...

Obviously the question is a matter of sensibility as the US tend to be less concerned than Europe.
Draft Of Privacy Bill Introduced... And Pretty Much Everyone Hates It (TechDirt, 5th May 2010)

Digital Economy Act: after all the controversy, may well be dropped

UK Politicians Looking To Repeal Digital Economy Act (TechDirt, 19 March 2010)

London Wants To Offer Full WiFi Coverage... But How Will That Work With The Digital Economy Act? (TechDirt, 18 March 2010)

UK Regulator Says Digital Economy Act Only Applies To Big Wireline ISPs (TechDirt, 18 March 2010)

Tuesday, 18 May 2010

Critical Legal Studies Conference 2010

With a vested interest as I am chairing stream 9 of the Critical Legal Conference 2010 @ Utrecht in September 2010 : The WWW: great expectations or great disenchantments?

To see all the streams of the Conference on Modernities, click here

Friday, 7 May 2010

enforcing the law: France and US updates

In France, JDN reported on the Institut de la recherche criminelle de la gendarmerie nationale (the Institute on criminal research of the Gendarmerie nationale, the French police force) and its work in the Fort Rosny-sous-bois (the Fortress...). databases, recognition of images, techniques to recover data... - 12 February 2010


More recently, news on the US Cybersecurity Act which first draft was anti-libertarian, "Les Etats-Unis toilettent leur plan de lutte contre la cybercriminalité" JDN, 13 March 2010

Patterns

"Cybercriminals target non-conventional appliances" (ZDnet.co.uk, 09 April 2010). not surprising, and among the devices: mobiles phones, USB flash drives and peripherals.

and DDOS attacks linked with extortion/blackmail notices, "Chinese DDoS attacks hit News Limited" (ZDnet.co.uk, 14 April 2010)

Criminalisation of DRM bypassing - ACTA becoming transparent?

If the process was certainly not transparent, the draft is at last published. Will comments be published and listened to?

"Acta copyright treaty draft gets first public airing" (ZDnet.co.uk, 21 April 2010)

and earlier on, the EU Parliament's rejection of the treaty by 633 to 13! "European Parliament votes down Acta treaty" (ZDnet.co.uk, 11 March 2010)

The gold mine: ID and other data thefts

Between the NHS desktops that were hacked and controlled as part of a botnet, and facebook accounts also hacked, it is obvious that security and privacy are at the heart of cybercrime. Accessing illegally and controlling data/computers is at the heart of a successful criminal entreprise.

"Over 1,000 NHS desktops part of botnet, says Symantec" (ZDnet.co.uk, 23 April 2010)

"iDefense: 1.5 million Facebook accounts for sale" (ZDnet.co.uk, 23 April 2010)

Therefore, one wonders why employers ease restrictions on employees using social networking sites, when usually the security of their own IT systems is average or bad. "Managers ease restrictions on Facebook use" (ZDnet.co.uk, 23 April 2010)

especially when a study by the French CNIL reveals that the most common password used is "123456"!!!!!! JDN, 22 January 2010

Privacy of Wi-fi data: Google Street View

A very interesting story that does not seem to make the big headlines despite its crucial importance in my view.
Google Street View, already criticised for other reasons, all linked to privacy, acknowledged that it takes the Wi-Fi details of people, i.e. their MAC addresses, that will be able to any user using location-based services. In other words, your neighbour or your potential hacker can know all about your Wi-fi, making easier to hack into your computer.
A "bemol" though: if you have configured your Wi-Fi device not to broadcast, the signal and information should not be available. Another reason to do it, if you have not already done so.
"Google explains why Street View cars record Wi-Fi data"

when we know that Google will have 96 pc of the UK roads on it: "Google Street View to cover 96pc of UK roads"

For a general view of privacy issues Google services raise, see the letter addressed to the company ten European authorities in charge of protecting IT users privacy, CNIL, press release 20 April 2010. See also (in French), "Les gardiens de la vie privée exhortent Google à respecter les lois" (Depeches du Juris-Classeur, 23 April 2010)

Security again

Security seems to be the word of the week.
  • The EU commission wants to create an agency to foster better collaboration in cyber-investigations, albeit the UK, Germany and France remain to be convinced. One concerns is also the overlap with ENISA, in addition to the fact that ENISA has not been the success story that it was hoped for when it was launched. "EU to establish cybercrime agency" -Euractiv, 28 April 2010
  • The UK is worried that it does not have enough IT engineers able to implement security and is targeting A-levels pupils and UG to recruit more IT students "UK-wide Cyber Security Challenge kicks off" (ZDnet.co.uk, 29 April 2010)
  • And Beijing is imposing an authorisation on firms developing IT security softwares/solutions, probably less for security reasons than for protectionist motives. JDN, 29 April 2010 (in French)

Security review by Symantec and other issues of web security

Symantec published its report analysing cyber-issues in 2009. Most of the attacks continue to come from the US (19%), followed by China (8%) and a new comer, Brazil (6%). The bulk of the attacks (37%) focuses on acquiring data, then it is accessing structural tools of companies (26%) and piracy (15%). Fraud represents only 2%. It confirms that the new value or currency today is data, rather than money itself as a direct target. In other words, data is worth more than currencies.
The recent story about a Twitter user confirms that data is gold. He was able, after numerous tweets to different users including to a Twitter employee, to find the ID and password of that employee and conduct himself as an Twitter administrator (JDN, 6 May 2010). He has been arrested in France in the Massif Central, after collaboration with the FBI (Obama's account was hacked).

A lot of those attacks are performed by users dowloading PDF documents and believing that their banks would send them e-mails requesting for their information (74% of phishing). It confirms that users are "culprits" as much as the perpetrators. If people were a bit more careful in what they download and read, there would be less succesful attacks. It is certainly the message of Remy Fevrier from the French Gendarmerie Nationale (the French police under the military umbrella) at the FIC or Forum International sur la Cybercriminalite held in Lille from the 31 March to 1st April 2010. He explained that some firms went bankrupt because precious data was stolent by a competitor which was then able to offer the product at a lesser price because it did not have the costs of research and development.

Coming back to the Symantec report, to control other computers, attackers continue to use keystroke softwares, uploading users' details and zombies/botnets I suppose.
Firefox and Safari are the most vulnerable browsers on the web currently. IE and Chrome being stable and quite below (50 instead of around 100).

See the summary in French on JDN "Les menaces IT n'ont pas connu la crise en 2009" (6 May 2010)